Need remember me feature?

ttopper

What would be the best/safest way to create a 'remember me' feature to remember a user so they don't have to login each time they come to my site?

I am using sessions for the login and a mysql database to store the user info.

Side Question: Would it be better to use HTTP authentication?

Anon

Simple send a seperate cookie which doesnt time out send it to the user with there username and session_id store the session_id in your database then when they enter the site read the cookie check it with session_id against a suername/password and create a new session for them so they're logged in. Thats relatively simple.

Towner

[deleted]

And also very risky if someone gets their hands on the cookies.

When a user log's on, store his IP in the database along with his sessionid. Then when he visit's again in a few days he will send you the sessionid as a cookie, and you can verify the sessionid in the database along with the IP he is currently using. If he is not using the same IP, ask him to logon again.